(54) Network connection controlling method and system thereof



(57) An authentication checking server (101) makes user authentication checking when an access is made to an individual in-house server (103). A resource managing server (102) receives a resource request corresponding to the resource of the individual server (103), calculates the access right to the corresponding resource based on the resource request and the result of the authentication checking, and relays the calculated access right and the resource request to the individual server (103). Upon receipt of the access right and the resource request, the individual server transmits the resource as a mobile code. A client machine receives and executes the mobile code, whereby an encrypted access is made to the resource of the individual server included in an in-house network via the relay agent generated within the client machine.
Description



[0001] The present invention relates to a firewall technique for interconnecting the Internet and a LAN (Local Area Network), and for securely protecting the resources within the LAN while permitting accesses made from the Internet to the LAN.

[0002] Conventionally, a firewall was arranged with a packet filtering method or a filtering method as an application gateway. These methods are intended to determine whether or not to permit an access from an outside to an inside for each service.

[0003] With the firewall for protecting in-house resources from an illegal attack from outside when an in-house LAN is connected to the Internet, all accesses are prohibited by default, and only a particular individual access is permitted.

[0004] Therefore, with the current filtering method which respectively recognizes a service and a user as first and second standards, almost all network services become unavailable and even legal users cannot receive useful Internet services.

[0005] If network services are made available outside and inside a company depending on need in order to satisfy the recently diversified demands of in-house users, data from many services are allowed to pass through the firewall. As a result, it becomes difficult to maintain security.

[0006] Additionally, using a remote access method which is currently becoming popular, login to an in-house LAN machine is permitted after authentication checking is made. Accordingly, even a single attack can possibly cause serious damage.
[0007] As described above, with the conventional methods, if the number of services which can externally use in-house resources increases, the possibility that the in-house resources, which must be protected, can be exposed to danger becomes great.
[0008] This invention was developed in the above described background, and aims at significantly improving the degree of convenience of a firewall, and at securing a security level equivalent to that of a conventional technique by changing a filtering method.
[0009] The present invention assumes a network con- 
nection controlling method for interconnecting an exter- 
nal network (a network outside a company) and a local 
area network (a network inside a company). 
[0010] In an embodiment of the invention, authentica- 
tion checking is made for a user within an external net- 
work (a user of a client machine 301) when the user ac- 
cesses a local area network (an authentication checking 
server 101). 

[0011] Next, a resource request to access a resource within the local area network is received from the user based on the result of the authentication checking (a resource managing server 102).

[0012] Then, an access right to the resource within the local area network is calculated in terms of level or extent (categorised or graded) based on the resource request and the result of the authentication checking (the resource managing server 102).

[0013] As a result, an access to the resource is made based on the calculated access right (the resource managing server 102) (e.g. to a calculated level of access).
[0014] Here, the accessed resource is transmitted as a mobile code to the client machine operated by the user. The client machine accesses the data within the resource by receiving and executing the mobile code.
[0015] In the above method, filtering is performed by recognizing a user and a service as first and second standards, so that it becomes possible to protect in-house resources from external attacks and to satisfy the diversified demands of in-house users in accordance with the respective policies for respective users, that is, all company employees are permitted to make any accesses by default, while external users are prohibited from making any accesses by default.
[0016] Additionally, a change is made from the conventional method for permitting login to a machine within an in-house network after authentication checking is made, to the method for externally transmitting only a requested in-house resource, thereby making the scale of damage which can possibly occur with a single attack less than that of a conventional technique.
[0017] More specifically, the distinction between text information such as electronic mail received within a company, multimedia information, etc., and the application program data of a system under development, is not made, and they are defined to be in-house resources. The applications inside and outside the company can be linked and operate together.
[0018] As described above, in an embodiment of the invention, the degree of convenience of a firewall can be significantly improved by changing a filtering method, and moreover the security mechanism is duplicated by checking user authentication and controlling each access to in-house resources, thereby ensuring the security level equivalent to that of a conventional technique.
[0019] Reference is made, by way of example, to the accompanying drawings in which:

Fig. 1 is a block diagram showing the configuration of a system according to a preferred embodiment of the present invention (No. 1);
Fig. 2 is a block diagram showing the configuration of the system according to the preferred embodiment of the present invention (No. 2);
Fig. 3 is a schematic diagram explaining the operations according to the preferred embodiment of the present invention (No. 1);
Fig. 4 is a schematic diagram explaining the operations according to the preferred embodiment of the present invention (No. 2);
Fig. 5 is a schematic diagram explaining the operations according to the preferred embodiment of the present invention (No. 3);
Fig. 6 is a schematic diagram explaining the operations according to the preferred embodiment of the present invention (No. 4);
Fig. 7 shows the sequence for establishing a service between a client and a server;
Fig. 8 shows the procedure sequence at an update (in the case where there is almost no time difference between when a resource is received and when a rewrite operation is performed);
Fig. 9 shows the procedure sequence at an update (in the case where there is a time difference between when a resource is received and when a rewrite operation is performed);
Fig. 10 exemplifies a client application program;
Fig. 11 exemplifies a gate keeper program; and
Fig. 12 exemplifies a resource manager program.

[0020] Provided below is the explanation about the 
details of the preferred embodiment according to the 
present invention. 

<Characteristics of the Preferred Embodiment According to the Present Invention>

[0021] This preferred embodiment is characterized in that filtering is performed by respectively recognizing a user and a service as first and second standards, so that it becomes possible to protect in-house resources from external attacks, and also to satisfy the diversified demands of in-house users in accordance with the respective policies for respective users, that is, company employees are permitted to make any accesses by default, while external users are prohibited from making any accesses by default.

[0022] Additionally, this preferred embodiment is characterized in that the scale of damage which can be possibly caused by a single attack can be made less than that of a conventional technique by changing the conventional method for permitting login to a machine included in an in-house network after authentication checking is made, to the method for transmitting only a requested in-house resource.

[0023] More specifically, according to this preferred embodiment, the distinction between in-house resources, for example, between text information such as electronic mail received within a company, multimedia information, etc., and the application program data of a system under development, is not made, and an application possessed inside the company is defined to be one of the in-house resources, whereby applications inside and outside the company can be linked and operate together.

[0024] As described above, according to this preferred embodiment, the degree of convenience of a firewall can be significantly improved by changing a filtering method, and additionally, the security mechanism is duplicated by checking user authentication and by controlling each access to in-house resources, thereby ensuring the security level equivalent to that of a conventional technique.

<Configuration of the Preferred Embodiment According to the Present Invention>

[0025] Fig. 1 is a block diagram showing the configu- 
ration of the system according to the preferred embod- 
iment of the present invention. 

[0026] An authentication checking server 101, which is arranged within an in-house network, comprises at least one service request port for receiving a plurality of types of service requests such as telnet, ftp, http, etc., and has a mechanism for checking user authentication. This server 101 is connected to the Internet via an ISP (Internet Service Provider) 104 included in an external network.

[0027] A resource managing server 102, which is arranged within the in-house network, has a capability for managing the resources within the in-house network, and has a mechanism for restricting an access right to each of the in-house resources depending on the attribute or the degree of reliability of a user. This server 102 is connected to the authentication checking server 101.

[0028] Note that the resource managing server 102 and the authentication checking server 101 may be directly connected as shown in Fig. 1, or may be connected via a packet filtering router 201 as shown in Fig. 2.
[0029] An individual server 103, which is arranged within the in-house network, provides a variety of services such as telnet, ftp, http, etc. This server 103 may be the same server as the resource managing server 102.


<Principle of the Operations According to the Preferred Embodiment of the Present Invention>

[0030] Provided next is the explanation about the principle of the operations of the configuration according to the above described preferred embodiment.
[0031] A user ID and an authentication password are 
registered to the authentication checking server 101 be- 
forehand. 

[0032] If a user ID is not registered to the authentication checking server 101, the corresponding user is recognized to be an external user.

[0033] A pass-phrase or a one-time password, etc., which is used by a public key encrypting system, can be adopted as the authentication password, while an electronic mail address is adopted as the user ID.
[0034] A user who desires to access an in-house resource makes a connection to the authentication checking server 101, and transmits a service request, the user ID, and the authentication password to the authentication checking server 101.

[0035] The authentication checking server 101 which has received the service request calculates the degree of reliability of the user by making a matching between the received user ID and authentication password, and the registered user ID and authentication password.
[0036] The authentication checking server 101 then opens a port (socket) for a client machine as the preparation for accepting the resource request.
[0037] The client machine transmits the logical name of a desired in-house resource to the port as a resource request. The resource specification is made with a URL (Uniform or Universal Resource Locator).
[0038] The authentication checking server 101 transmits to the resource managing server 102 the resource request transmitted from the client machine and the degree of reliability of the user which is calculated beforehand.

[0039] Upon receipt of the resource request and the degree of reliability of the user from the authentication checking server 101, the resource managing server 102 detects the individual server 103 which provides the specified in-house resource, according to the logical name of the in-house resource included in the resource request. Furthermore, the resource managing server 102 determines an access right to the requested in-house resource according to the degree of reliability of the user, which is received from the authentication checking server 101, transmits the resource request and the access right to the individual server 103, and requests the program code (mobile code) which provides the requested in-house resource.
[0040] The individual server 103 which receives the resource request and the access right from the resource managing server 102 generates the mobile code, and embeds a requested resource, a program for accessing the resource, the individual settings such as the access right received from the resource managing server 102, a client identification code, the expiry date of the program, etc. in the generated mobile code. Then, the individual server 103 returns the mobile code to the resource managing server 102.

[0041] Upon receipt of the mobile code from the individual server 103, the resource managing server 102 returns it to the authentication checking server 101.
[0042] Upon receipt of the mobile code from the resource managing server 102, the authentication checking server 101 encrypts the mobile code by using the registered password (such as a public key, etc.) of the user who has issued the resource request, and returns the encrypted mobile code to the client machine which has issued the resource request.
[0043] The client machine which has received the encrypted mobile code extracts the secret key of the user by using the pass-phrase that the user has transmitted to the authentication checking server 101 at the time of the authentication checking, decrypts the encrypted mobile code with the secret key, and executes the program of the mobile code. Consequently, the in-house resource requested by the user is reproduced on the client machine.



[0044] The in-house resource reproduced on the client machine rejects an access request which violates the access right by referencing the access right and the client identification code, which are embedded in the resource itself.

<Specific Operations According to the Preferred Embodiment of the Present Invention>

[0045] Sequentially provided below are the explanations about the specific operations according to the preferred embodiment of the present invention, by referring to the schematic diagrams explaining the operations shown in Figs. 3 through 6, the sequences shown in Figs. 7 through 9, and the program examples shown in Figs. 10 through 12.

[0046] The explanations to be provided below assume that the authentication checking by the authentication checking server 101 is made based on the public key encrypting system, a pass-phrase is used as the authentication password, and an electronic mail address is used as the user ID.

[0047] The authentication checking server 101 has a pair of the electronic mail address and the public key of a user as user information.

[0048] In the authentication checking server 101, a gate keeper 303, as shown in Fig. 3, which is a server program for making the authentication checking, leaves only the authentication checking port (socket) open. Whatever network service is used, the connection to this port is first made, and then the authentication checking is made. When the gate keeper 303 opens the above described port, for example, the program code shown in step 1 of Fig. 11 is executed.
[0049] If a user requests a network service within an in-house network by executing a client application 302 (Fig. 3) of a client machine 301, an authentication checking request is first issued from the client machine 301 to the authentication checking server 101 (S1 of Fig. 7). In this case, the client application 302 executes, for example, the program codes shown in steps 1 and 2 of Fig. 10. The authentication checking server 101 is specified in step 1, while the connection to the authentication checking port of the authentication checking server 101 is made in step 2.

[0050] If the connection to the authentication checking server 101 is successfully made, the user inputs his or her user ID and authentication password by using the window displayed on the client machine 301. The user ID is the electronic mail address of the user, while the authentication password is the pass-phrase used when the public and secret keys are generated.
[0051] Upon receipt of the user ID and the authentication password from the client machine 301, the gate keeper 303 included in the authentication checking server 101 decrypts the authentication password by using the public key of the user and determines whether or not the received user ID is registered to a user database, which is not shown in Fig. 3 but is included in the authentication checking server 101, and whether or not the received authentication password matches any authentication password stored in the user database, if the user ID is registered (S2 of Fig. 7). In this case, the gate keeper 303 executes, for example, the program codes shown in steps 2 and 3 of Fig. 11. The process for receiving the user ID and the authentication password is performed in step 2, while the process for checking authentication is performed in step 3.
[0052] Next, the gate keeper 303 calculates the degree of reliability of the user by referencing the above described user database with the result of the authentication checking (S2 of Fig. 7). In this case, the gate keeper 303 executes, for example, the program code shown in step 4 of Fig. 11.

[0053] If the electronic mail address of the user, which 
is the user ID, is registered in the user database and if 
the authentication password is legal, a high degree of 
reliability is provided to the user so that he or she can 
use many services. 

[0054] If the user ID is not registered in the user database, this user is recognized to be an external user and a low degree of reliability is provided to the user. In this case, only services which do not require the authentication checking, such as the acceptance of electronic mail addressed to an in-house user, etc., are provided.
[0055] If the authentication password is illegal although the user ID is registered to the user database, this access is determined to be an attack and is rejected.
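As an added illustration, not code from the patent (the gate keeper program of Fig. 11 is not reproduced here), the following Python models how the gate keeper of [0051] through [0055] grades a user into one of three outcomes and decides whether a service request may pass. The user database, user IDs, pass-phrases and the per-degree service table are constructed for the example, and a salted PBKDF2 hash stands in for the public-key check the patent describes. The point worth seeing is that the three outcomes are distinct: an unknown user ID is an external user with few rights, but a registered user ID with a wrong pass-phrase is an attack and must never fall back to the external-user path.

```python
import hashlib
import hmac
from enum import Enum

# Constructed stand-in for the gate keeper's user database: user ID (e-mail
# address) -> (salt, PBKDF2 digest of the pass-phrase).  The patent matches the
# pass-phrase against the user's registered public key; a salted hash is used
# here so the example runs offline.
_PBKDF2_ROUNDS = 50_000


def _derive(passphrase: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, _PBKDF2_ROUNDS)


USER_DB = {
    "alice@example.com": (b"salt-alice", _derive("correct horse", b"salt-alice")),
    "bob@example.com": (b"salt-bob", _derive("battery staple", b"salt-bob")),
}


class Reliability(Enum):
    HIGH = "high"      # registered user ID, valid pass-phrase ([0053])
    LOW = "low"        # unregistered user ID: treated as an external user ([0054])
    REJECT = "reject"  # registered user ID, wrong pass-phrase: treated as an attack ([0055])


# Constructed service policy: the services each degree of reliability may use.
# The LOW set holds only services that need no authentication.
SERVICES_BY_RELIABILITY = {
    Reliability.HIGH: frozenset({"telnet", "ftp", "http", "mail-accept"}),
    Reliability.LOW: frozenset({"mail-accept"}),
    Reliability.REJECT: frozenset(),
}


def reliability_degree(user_id: str, passphrase: str) -> Reliability:
    """Steps 2 to 4 of Fig. 11: authenticate the user, then grade the result."""
    entry = USER_DB.get(user_id)
    if entry is None:
        # Unknown user ID: not an error, but an external user with few rights.
        return Reliability.LOW
    salt, stored = entry
    if hmac.compare_digest(_derive(passphrase, salt), stored):
        return Reliability.HIGH
    # A registered ID with a wrong pass-phrase is an attack on that account.
    # Returning LOW here would let a failed login be downgraded into a
    # successful external-user session, so REJECT is a separate outcome.
    return Reliability.REJECT


def is_service_permitted(degree: Reliability, service: str) -> bool:
    return service in SERVICES_BY_RELIABILITY[degree]


def gate_keeper_decision(user_id: str, passphrase: str, service: str) -> tuple:
    """Return (degree, permitted).  REJECT never permits anything."""
    degree = reliability_degree(user_id, passphrase)
    return degree, is_service_permitted(degree, service)
```

The service table is deliberately a whitelist per degree: a new service is unavailable to external users until it is added to the LOW set, which matches the patent's default of prohibiting external accesses.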
[0056] If the authentication checking is properly made, the gate keeper 303 secures the port (socket) for accepting the resource request issued from the user (permission/connection port), and activates a relay server for relaying resource associated information, which is communicated between the client machine 301 and the resource managing server 102, in correspondence with the secured port. Then, the gate keeper 303 notifies the client machine 301 of the above described permission/connection port (S3 of Fig. 7). In this case, the gate keeper 303 executes, for example, the program codes shown in steps 5 through 8 of Fig. 11. In step 5, it is determined whether or not the degree of reliability is higher than a threshold. In step 6, the number of the permission/connection port is dynamically secured. In step 7, the relay server using this port number is activated. In step 8, the above described port number is notified to the client machine 301 if the relay server is successfully activated.

[0057] When the permission/connection port is notified from the authentication checking server 101, the client application 302 executed by the client machine 301 assembles the resource request in a predetermined data format, extracts the secret key by receiving from the user the pass-phrase for extracting the secret key of the user, and encrypts the resource request with the secret key. Then, the client application 302 transmits the encrypted resource request by using the notified port (S4 of Fig. 7). In this case, the client application 302 executes, for example, the code shown in step 3 of Fig. 10.
[0058] The relay server, which is operated by the authentication checking server 101, decrypts the resource request received from the client machine 301 with the public key corresponding to the user who has transmitted the request, embeds in the decrypted resource request the degree of reliability, which is calculated for this user (S2 of Fig. 7), and transmits the resource request to the resource managing server 102 (S5 of Fig. 7).
[0059] The resource manager 304 (shown in Fig. 3), which is operated by the resource managing server 102, has the mechanism for providing an external user via an external network with the directory for searching for the individual server 103 which provides the in-house resource corresponding to the logical name of an in-house resource, and for determining the access right from the client machine 301 to the in-house resource.
[0060] More specifically, the resource managing server 102 parses the resource request, extracts the resource name and the degree of reliability of the user, and calculates the access right to the resource by using the extracted information, upon receipt of the resource request from the authentication checking server 101 (S6 of Fig. 7). The access right includes, for example, the right to perform a read/write operation for an in-house user, the right to perform only a read operation for an external user, the right to prohibit an access to a confidential resource for an external user, etc. In this case, the resource manager 304 executes, for example, the program codes shown in steps 1 through 3 of Fig. 12. In step 1, the process for receiving a resource request is performed. In step 2, a data set "p", which includes the resource name and the degree of reliability of a user, is extracted by performing the process for parsing the received resource request. In step 3, the process for calculating the access right to the data set "p" is performed.
[0061] Note that the determination of the access right 
may be made by the individual server 103. 

[0062] Next, the resource managing server 102 searches for the individual server 103 which provides the network service corresponding to the parsed resource request, transmits the parsed resource request and the access right to the searched individual server 103, and requests the relay agent which is the above described mobile code for providing the requested in-house resource (S7 of Fig. 7). In this case, the resource manager 304 executes, for example, the program codes shown in steps 4 and 5 of Fig. 12. It is determined whether or not a permissible access right can be obtained in step 4, while the resource request, the access right, and the request of the relay agent are transmitted to the individual server 103 in step 5.

[0063] The individual server 103, which has received the resource request, the access right, and the request of the relay agent from the resource managing server 102, generates the requested relay agent, and embeds in the generated relay agent the individual settings such as the access right received from the resource managing server, the client identification code, the expiry date of the program, etc. (S8 of Fig. 7). This relay agent is written as a mobile code, for example, in JAVA provided by Sun Microsystems. The relay agent can freely move within in-house and external networks, and includes the contents of an in-house resource and the interface (method) for accessing the contents.

[0064] The individual server 103 then returns the relay agent to the resource managing server 102 as shown in Fig. 4 (S9 of Fig. 7).

[0065] Upon receipt of the relay agent, the resource manager 304 operated by the resource managing server 102 returns the relay agent to the authentication checking server 101 (S10 of Fig. 7). In this case, the resource manager 304 executes, for example, the program code shown in step 6 of Fig. 12.
[0066] Upon receipt of the relay agent, as shown in Fig. 4, the above described relay server operated by the authentication checking server 101 encrypts the relay agent with the registered public key of the user who has transmitted the resource request (the key represented within the authentication checking server 101 of Fig. 4), and returns the encrypted relay agent to the client machine 301 which has transmitted the resource request (S11 of Fig. 7).
[0067] The client machine 301 which has received the encrypted relay agent extracts the secret key of the user with the pass-phrase that the user has transmitted to the authentication checking server 101 at the time of the authentication checking, decrypts the encrypted relay agent 401 with the secret key (the key represented within the client machine 301 of Fig. 4), and executes the program of the relay agent (S12 of Fig. 7). In this case, the client application 302 run by the client machine 301 executes, for example, the program codes shown in steps 4 through 6 of Fig. 10. In step 4, it is determined whether or not the relay agent 401 has been received. In step 5, the relay agent 401 is decrypted. In step 6, the decrypted relay agent 401 is executed.
[0068] Consequently, the in-house resource requested by the user is reproduced on the client machine 301. The user can access the in-house resource reproduced on the client machine 301 within the client machine 301 itself asynchronously to the individual server 103 included in the in-house network, as shown in Fig. 5.
[0069] The relay agent 401 executed by the client machine 301 rejects an access request which violates the access right by referencing the access right and the client identification code, which are embedded in the agent 401 itself.
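The following Python is an added example, not the resource manager program of Fig. 12 or the JAVA relay agent of the patent. It ties together the access-right policy of [0060], the settings the individual server embeds in the relay agent in [0063], and the checks the agent performs on the client machine in [0069] and [0082]. The resource directory, resource URLs, contents, client identification codes and the 600-second lifetime are all constructed; the degree of reliability is passed as the strings "high" and "low".

```python
from dataclasses import dataclass
from enum import Enum


class AccessRight(Enum):
    READ_WRITE = "read/write"  # in-house user
    READ_ONLY = "read"         # external user, non-confidential resource
    NONE = "none"              # no permissible access right


# Constructed directory held by the resource manager: logical resource name
# (URL) -> (individual server providing it, confidential flag, sample content).
RESOURCE_DIRECTORY = {
    "http://intra.example.com/docs/handbook.html": ("docs-server", False, "<html>Employee handbook</html>"),
    "http://intra.example.com/dev/build-config.xml": ("dev-server", True, "<build target='release'/>"),
}

RESULT_OK = "ok"
RESULT_EXPIRED = "rejected: agent expired"
RESULT_CLIENT = "rejected: client identification code mismatch"
RESULT_RIGHT = "rejected: operation exceeds embedded access right"


def calculate_access_right(resource_name: str, reliability: str) -> AccessRight:
    """Policy from [0060]: in-house users read/write, external users read only,
    confidential resources closed to external users.  Unknown resources (and
    unknown reliability strings) get no right at all, so the default is deny."""
    entry = RESOURCE_DIRECTORY.get(resource_name)
    if entry is None:
        return AccessRight.NONE
    _, confidential, _ = entry
    if reliability == "high":
        return AccessRight.READ_WRITE
    if reliability == "low" and not confidential:
        return AccessRight.READ_ONLY
    return AccessRight.NONE


@dataclass(frozen=True)
class RelayAgent:
    """Stand-in for the mobile code of [0063]: the resource content plus the
    settings the individual server embeds before the agent leaves the LAN."""
    resource_name: str
    served_by: str
    content: str
    access_right: AccessRight
    client_id: str
    expires_at: float

    def handle(self, client_id: str, operation: str, now: float) -> str:
        """Access check run on the client machine ([0069]); the agent stops
        serving once its expiry date has passed ([0082])."""
        if now > self.expires_at:
            return RESULT_EXPIRED
        if client_id != self.client_id:
            return RESULT_CLIENT
        allowed = {
            AccessRight.READ_WRITE: {"read", "write"},
            AccessRight.READ_ONLY: {"read"},
            AccessRight.NONE: set(),
        }[self.access_right]
        return RESULT_OK if operation in allowed else RESULT_RIGHT


def request_relay_agent(resource_name: str, reliability: str, client_id: str,
                        now: float, lifetime: float = 600.0):
    """Steps 4 and 5 of Fig. 12 followed by the individual server's part:
    an agent is produced only when a permissible access right was obtained."""
    right = calculate_access_right(resource_name, reliability)
    if right is AccessRight.NONE:
        return None
    server, _, content = RESOURCE_DIRECTORY[resource_name]
    # In the patent the request is forwarded to `server`; here the agent is
    # built directly with the settings that server would embed.
    return RelayAgent(resource_name, server, content, right, client_id, now + lifetime)
```

Because the right, the client identification code and the expiry date travel inside the agent, the checks in `handle` are only as strong as the integrity of the delivered code; this is why [0066] encrypts the agent for the requesting user before it leaves the authentication checking server.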
[0070] Provided next is the explanation about the case where a data rewrite request to an in-house resource occurs within the client machine 301, by referring to the schematic diagram explaining the operations shown in Fig. 6 and the sequences shown in Figs. 8 and 9. Fig. 8 shows the sequence used when there is almost no time difference between when an in-house resource is received by the client machine 301 and when a rewrite request is issued. Fig. 9 shows the sequence used when there is a time difference. The explanation will be provided by referring to both of Figs. 8 and 9.
[0071] When a rewrite request occurs within the client machine 301 (S1 of Fig. 8 or 9), the relay agent 401 executed by the client machine 301 checks the access right of the user who has issued the request according to the code included in the request (S2 of Fig. 8 or 9).
[0072] If the access is permissible, the relay agent 401 issues an authentication checking request to the authentication checking server 101 (S3 of Fig. 8 or 9). This authentication checking request includes a user ID and an authentication password in a similar manner as in S1 of Fig. 7.

[0073] Upon receipt of the user ID and the authentication password from the client machine 301, the gate keeper 303 included in the authentication checking server 101 checks an amount of time elapsed from the connection start of the corresponding user (S4 of Fig. 8 or S4' of Fig. 9).

[0074] If the amount of elapsed time is equal to or smaller than a predetermined amount, and if the permission/connection port (refer to S3 of Fig. 7) for accepting the resource request from the user is still open, the gate keeper 303 notifies the client machine 301 of this permission/connection port (S5 of Fig. 8).
[0075] If the amount of elapsed time is longer than a predetermined amount, and if the permission/connection port for accepting the resource request from the user is closed, the gate keeper 303 performs the authentication checking and the reliability degree calculation process in the similar manner as in S2 of Fig. 7 (S4' of Fig. 9), and notifies the client machine 301 of the resultantly secured permission/connection port (S5 of Fig. 9).
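The two branches of [0073] through [0075] (the Fig. 8 case, where the existing permission/connection port is reused, and the Fig. 9 case, where the gate keeper authenticates again and secures a new port) are modelled in the following Python. This is an added example, not the patent's gate keeper program; the 300-second window stands for the patent's "predetermined amount", the port range starting at 40000 is constructed, and the actual authentication is supplied as a callable so the session logic can be read on its own.

```python
import itertools
from dataclasses import dataclass
from typing import Callable, Optional

# The patent's "predetermined amount" of elapsed time; the value is constructed.
REUSE_WINDOW_SECONDS = 300.0


@dataclass
class Session:
    user_id: str
    reliability: str
    started_at: float   # connection start, from which elapsed time is measured
    port: int           # dynamically secured permission/connection port
    is_open: bool = True


class GateKeeper:
    """Permission/connection-port handling for S3 of Fig. 7 and S3 to S5 of Figs. 8 and 9."""

    def __init__(self, authenticate: Callable[[str, str], Optional[str]]):
        # authenticate(user_id, password) -> degree of reliability, or None when rejected.
        self._authenticate = authenticate
        self._next_port = itertools.count(40000)   # constructed port range
        self._sessions: dict[str, Session] = {}

    def _open_session(self, user_id: str, reliability: str, now: float) -> Session:
        session = Session(user_id, reliability, now, next(self._next_port))
        self._sessions[user_id] = session
        return session

    def connect(self, user_id: str, password: str, now: float) -> Optional[int]:
        """Initial request (S1 to S3 of Fig. 7): authenticate, secure a port, notify it."""
        reliability = self._authenticate(user_id, password)
        if reliability is None:
            return None
        return self._open_session(user_id, reliability, now).port

    def rewrite_connect(self, user_id: str, password: str, now: float) -> Optional[tuple]:
        """Rewrite request (S3 to S5 of Fig. 8 or 9).  Returns (port, how) or None."""
        session = self._sessions.get(user_id)
        if session is not None and session.is_open:
            if now - session.started_at <= REUSE_WINDOW_SECONDS:
                # Fig. 8: within the window and the port is still open, so the
                # existing port is notified without a second authentication.
                # The reuse therefore rests on the port having been handed only
                # to the authenticated client; a deployment should bind the
                # port to that client's connection as well.
                return session.port, "reused"
            # Fig. 9: the window has passed, so the gate keeper closes the port.
            session.is_open = False
        reliability = self._authenticate(user_id, password)   # S4' of Fig. 9
        if reliability is None:
            return None
        return self._open_session(user_id, reliability, now).port, "reauthenticated"

    def open_port_count(self) -> int:
        return sum(1 for s in self._sessions.values() if s.is_open)
```

A stale port is closed before re-authentication is attempted, so a failed second authentication leaves the user with no open permission/connection port rather than the old one.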
[0076] When the permission/connection port is notified from the authentication checking server 101, the relay agent 401 executed by the client machine 301 assembles the rewrite request in a predetermined data format in a similar manner as in S4 of Fig. 7, extracts the secret key of the user with the pass-phrase that the user has transmitted to the authentication checking server 101 at the time of the authentication checking, and encrypts the rewrite request including a new content to be rewritten to an in-house resource by using the secret key. Next, the relay agent 401 transmits the encrypted rewrite request by using the notified port (S6 of Fig. 8 or 9).

[0077] The relay server executed by the authentication checking server 101 decrypts the encrypted rewrite request received from the client machine 301 with the public key corresponding to the user who has transmitted the request, embeds in the decrypted rewrite request the degree of reliability, which was previously (in the case shown in Fig. 8) or is newly (in the case shown in Fig. 9) calculated, and transmits the rewrite request to the resource managing server 102 (S7 of Fig. 8 or 9).
[0078] Upon receipt of the rewrite request from the authentication checking server 101, the resource manager 304 operated by the resource managing server 102 parses this request, extracts the resource name and the degree of reliability of the user, and calculates the access right to the resource by using the extracted information in a similar manner as in S6 of Fig. 7 (S8 of Fig. 8 or 9).

[0079] The resource managing server 102 searches for the individual server 103 which provides the network service corresponding to the parsed rewrite request, and transmits the parsed rewrite request and the access right to the searched individual server 103 (S9 of Fig. 8 or 9).

[0080] The individual server 103 which has received the rewrite request and the access right from the resource managing server 102 rewrites the content included in the rewrite request to the in-house resource based on the access right.

[0081] When the rewrite operation is successfully performed, the notification of the success of the rewrite operation is returned from the individual server 103 to the client machine 301, and the rewrite process is completed (S10 of Fig. 8 or 9).

[0082] The relay agent 401 executed by the client machine 301 automatically terminates its process if the amount of elapsed execution time exceeds the expiry date set within the relay agent 401 itself.
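The rewrite flow of paragraphs [0076] to [0082], modelled end to end as an added Python example; this is not code from the patent or from any implementation of it. It assumes the following: the patent's step of encrypting the request with the user's secret key and decrypting it with the user's public key serves as an authenticity check, and the model stands in for it with an HMAC under a per-user key (the standard library has no public-key primitives); the user names, keys, resource names, policy thresholds and the 0 to 3 reliability scale are constructed sample data; the function names are the example's own. The point a defender should take from it is that the degree of reliability is embedded by the relay server after verification, so a value the client puts into its own request is discarded, and the resource manager's access-right calculation only ever sees the server-side value.

```python
"""
Added example (not from the patent): a small model of the rewrite flow in
paragraphs [0076]-[0082]. The patent's "encrypt with the user's secret key /
decrypt with the user's public key" step is an authenticity check on the
request; this model replaces it with an HMAC over the request under a
per-user key (a labelled stand-in). Users, keys, resources, policy and the
reliability scale are constructed sample data.
"""
import hashlib
import hmac
import json

# Constructed sample data: per-user keys registered with the relay server.
USER_KEYS = {"alice": b"constructed-key-for-alice"}
# Degree of reliability computed by the authentication checking server
# at login time (constructed scale: 0 = untrusted ... 3 = fully trusted).
RELIABILITY = {"alice": 2}
# Constructed policy: minimum reliability per resource and operation.
RESOURCE_POLICY = {
    "inhouse/notes.txt": {"read": 1, "rewrite": 2},
    "inhouse/payroll.db": {"read": 3, "rewrite": 3},
}


def relay_agent_build_request(user, resource, new_content, key, extra=None):
    """Relay agent 401 (client side, S6): assemble the rewrite request in a
    fixed data format and protect it with the user's key. `extra` lets a
    test inject fields that a misbehaving client might add."""
    fields = {"op": "rewrite", "user": user, "resource": resource,
              "content": new_content}
    if extra:
        fields.update(extra)
    body = json.dumps(fields, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def relay_server_verify_and_embed(msg, user_keys=USER_KEYS,
                                  reliability=RELIABILITY):
    """Relay server on 101 (S7): verify the request with the key registered
    for the claimed user, then embed the degree of reliability that the
    server itself computed. Returns None when verification fails."""
    parsed = json.loads(msg["body"])
    key = user_keys.get(parsed.get("user"))
    if key is None:
        return None
    expected = hmac.new(key, msg["body"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, msg["tag"]):
        return None
    # Reliability is a server-side fact: overwrite anything the client sent.
    parsed["reliability"] = reliability[parsed["user"]]
    return parsed


def resource_manager_access_right(request, policy=RESOURCE_POLICY):
    """Resource manager 304 on 102 (S8): derive the access right from the
    resource name and the degree of reliability carried in the request."""
    rules = policy.get(request["resource"])
    if rules is None or request["op"] not in rules:
        return "deny"
    return "permit" if request["reliability"] >= rules[request["op"]] else "deny"


def individual_server_rewrite(store, request, access_right):
    """Individual server 103 (S9/S10): apply the rewrite only when the
    relayed access right permits it; the result is the success notice."""
    if access_right != "permit":
        return False
    store[request["resource"]] = request["content"]
    return True


def relay_agent_expired(started_at, now, lifetime_seconds):
    """[0082]: the relay agent terminates itself once its elapsed execution
    time exceeds the expiry set inside the agent."""
    return (now - started_at) > lifetime_seconds


def run_rewrite(user, resource, content, store, key, extra=None):
    """End to end: client -> relay server -> resource manager -> individual
    server. Returns True only if the in-house resource was rewritten."""
    msg = relay_agent_build_request(user, resource, content, key, extra)
    request = relay_server_verify_and_embed(msg)
    if request is None:
        return False
    right = resource_manager_access_right(request)
    return individual_server_rewrite(store, request, right)


if __name__ == "__main__":
    store = {"inhouse/notes.txt": "old", "inhouse/payroll.db": "salaries"}
    print(run_rewrite("alice", "inhouse/notes.txt", "new", store, USER_KEYS["alice"]))
    print(run_rewrite("alice", "inhouse/payroll.db", "x", store, USER_KEYS["alice"]))
    print(store)
```

Running the block rewrites `inhouse/notes.txt` (reliability 2 meets the constructed threshold 2) and refuses `inhouse/payroll.db` (threshold 3). A request carrying a forged `reliability` field, a request under the wrong key, and a request for a user the relay server has no key for all stop before the resource manager runs, which is the property the two-server split in the patent is meant to give.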



Claims 

1. A network connection controlling method for interconnecting an external network and a local area network, comprising the steps of:

making authentication checking for a user within the external network when the user accesses the local area network;

receiving a resource request to access a resource within the local area network from the user based on a result of the authentication checking;

calculating an access right to the resource within the local area network, which is requested by the resource request, based on the resource request and the result of the authentication checking; and

accessing the resource based on the calculated access right.

2. The method according to claim 1, further comprising the steps of:

transmitting the accessed resource to a client device operated by the user as a mobile code including a program for accessing data included in the resource; and

accessing the data included in the resource by receiving and executing the mobile code.

3. The method according to claim 2, further comprising the steps of:

embedding an access control code which is based on the result of the authentication checking in the access program included in the mobile code; and

controlling an access that the client device makes to the data included in the resource based on the access control code.

4. The method according to claim 2 or 3, further comprising the steps of:

embedding an expiry date control code in the mobile code; and

controlling a time period during which the client device can execute the mobile code based on the expiry date control code.

5. The method according to claim 2, 3, or 4, further comprising the steps of:

including the mobile code as a relay agent which implements a communication between a resource reproduced on the client device when the mobile code is executed by the client device, and a resource of a distribution source, which corresponds to the mobile code; and

encrypting the communication between the resources.

6. The method according to any preceding claim, further comprising the step of:

communicating each of a plurality of types of resource requests based on a predetermined data format by using a single communications port.

7. The method according to any of claims 2 to 5, further comprising the step of:

issuing a rewrite request to a resource of a distribution source by using a degree of reliability of the user when the resource is updated by the client machine.

8. A method for making an access from a client to a resource of an individual server, the client accessing the resource by receiving from the server the resource to be accessed as an encrypted mobile code including data within the resource and a program for accessing the data, and by executing the received mobile code.

9. The method according to claim 6, comprising the steps of:

arranging an authenticating server between an external client and the individual server;

transmitting an ID and a password to the authenticating server; and

receiving a port number corresponding to the individual server if authentication is successfully made, and requesting the mobile code by using the port number.

10. A method for connecting a client and a server, comprising the steps of:

making authentication checking upon receipt of an authentication request from the client;

calculating a degree of reliability of a user;

opening a port corresponding to an individual server in response to a resource request issued from the client; and

notifying the client of the port number for transmitting a request to the individual server, and then relaying a resource of the individual server as a mobile code composed of data included in the resource and a program for accessing the data.

11. A method for connecting a client and an individual server, wherein:

the individual server is managed by parsing a resource request upon receipt of the resource request from the client, calculating an access right corresponding to the individual server, transmitting the request to the individual server when a permitted access right is obtained, and returning a requested resource as a mobile code composed of resource data and an access program to the client.



12. A network connection controlling system for interconnecting a client device within an external network and a resource providing server within a local area network, comprising:

an authentication checking server device (101) for making authentication checking for a user of the client device within the external network, when the user accesses the resource providing server device within the local area network; and

a resource managing server device (102) for receiving a resource request to access a resource provided by said resource providing server device from the user based on a result of the authentication checking, for calculating an access right to the resource which is provided by said resource providing server device and is requested by the resource request, based on the resource request and the result of the authentication checking, and for relaying the resource request and the access right to said resource providing server device.

13. A computer-readable storage medium storing a program which directs a computer to perform a network connection controlling process for interconnecting an external network and a local area network, the process comprising the steps of:

making authentication checking for a user within the external network, when the user accesses the local area network;

receiving from the user a resource request to access a resource within the local area network based on a result of the authentication checking;

calculating an access right to the resource within the local area network, which is requested by the resource request, based on the resource request and the result of the authentication checking; and

accessing the resource based on the calculated access right.

14. A method for making an access from a client to a resource of an individual server, the client accessing the resource by receiving from the individual server the resource to be accessed as an encrypted mobile code including data within the resource and a program for accessing the data, and by executing the received mobile code.